Banned Apps [RESOLVED]

I have added a number of banned apps that have no need to access the net. The other day I had an alert - basically it was - filename.exe (banned app) wanted to use svchost (OLE) to connect to the internet. I would have thought that once an app is banned it should be blocked from using any access path.
Outside of that I am very impressed with this piece of software.

Sullo

I’ve noticed the same.

There’s worse: IE6 is blocked for everything, but twice now there’s been a second entry in the Apps list allowing it. It seems that if some link tries to use IE instead of Opera, or an application tries to get to the web or use IE for Help files, IE is allowed by CFP.

Actually, CFP lists IE as safe software ???

Peter.

Dear me IE as safe software ;D
Few other things are starting to worry me.
With the firewall on it takes ages to log into my modem and access configuration pages. Turn the firewall off and there is a significant speed increase.

I use Diskeeper to look after the hard drive. DK service wants to connect - no, you have no need to phone - deny. Then for some reason the Diskeeper service under Windows services will stop even though set to auto. Restart the service. It will run until the next alert. Have now allowed it for a while to see what's going on.

Sullo

Just so you know, IE is in the trusted database because it isn’t spyware or malware. Of course IE has exploits which people can use to cause havoc, but that’s not the point of the trusted database :wink:

As for Diskeeper, that product has a network defrag built into it, so it will act as a server on the host machine; it would therefore be normal for it to want outbound connections. However, what you should pay attention to is the IP on the popup - is it an internal or external IP? If it’s internal you have nothing to worry about (save for a slight decrease in network performance), but if it’s external you could probably say that isn’t needed, so you can create a network rule to block anything which isn’t internal.

Yeah OK, that makes sense, thanks for the info.
Disregard the modem problem, a reset fixed that.
■■■■■■■ something up playing around with some stupid piece of software now in the middle of a full reinstall. Oh well nice clean hdd now.

Yes, agreed - just my cynicism.

The main point is that a blocked app. that’s also ‘trusted’ can just make its own rule and get past the block - this seems to make nonsense of having a firewall.

Peter.

Hey, Sullo,

Just wanted to address this quickly for you (aside from Rucia’s explanations)…

If you go to Security/Advanced/Miscellaneous, you can uncheck the 2nd box, “Do not show alerts for applications certified by Comodo.” Click OK. A reboot is a good idea then, to clear out the memory and set the changes. This basically takes CPF’s “Safelist” out of the loop; you should see popups for everything you haven’t created a rule on.

Insofar as your banned app alert with svchost & OLE, you will get that regardless, upon occasion. This is because the OLE monitoring falls into a different category of communication (under Application Behavior Analysis), which monitors for possible malware activities. You’ll get that sometimes, even for a fully-allowed application (frequently this happens just after an application has been closed), and is related to the way the operating system and applications use this object-sharing protocol to communicate with each other. The popup should give you the IP address to which it is attempting to connect; you should see that it’s a known address, such as the website you’re on at the time.

It has been stated (by Comodo) that as long as you know the application listed as attempting to use OLE, it is safe to Allow; CPF will keep that in memory for that session only. The time to be concerned is if it comes up out of nowhere, with an application you’re not familiar with (or don’t know you have…). If you choose to Deny an OLE alert, CPF will block your applications from connecting to the internet (as it perceives you must have malware trying to get out…) until you reboot your computer.

Hope that helps,

LM

If you go to Security/Advanced/Miscellaneous, you can uncheck the 2nd box, "Do not show alerts for applications certified by Comodo." Click OK. A reboot is a good idea then, to clear out the memory and set the changes. This basically takes CPF's "Safelist" out of the loop; you should see popups for everything you haven't created a rule on.

Aaargh! Thought ‘Great - I’ll go and do this’: it was already done (when I’d first set it up) and still IE does ‘something’. Created a rule now in case that will do it - and I’ll read the alerts more carefully, in case it was my fault :-[

Thanks,

Peter.

Thanks Little Mac
That sorted that out.
With ZA I got used to having a quick look at the alert and allow or deny (will look over the alerts more fully in future). I must say I prefer the level of security of Comodo.
Amazing how fast a clean computer is.
Sullo

Good, I’m glad that explanation helped. It seemed like it might, if you had a better idea of how the firewall worked; with some the level of complexity of its operations is a little overwhelming. I try to keep a balance, but you never know… I sure didn’t want to ■■■■ your mind with too much info. :wink:

Be sure to post back how that works for you, in regards to your original question.

LM

I don’t know if I should say this, but everything is working really well now thanks Little Mac (touch wood, as he taps on the top of his head).
I like the way the OLE works, this gives me a greater level of control and knowledge of what is going on in the system.

Thanks again
Regards sullo

(old Irish saying “may you be in heaven half an hour before the devil knows you’re dead”)

Great, sullo, glad to hear it’s doing better…

I’ll go ahead and mark this resolved and close the topic, so other users will have a point of reference. If things go down the drain again on this, PM me and I’ll reopen the topic (be sure to include a link, to make sure I find it… :wink: ).

Also, I’ll be sure to let Egemen know you like the OLE setup; he’ll be glad to hear that!

LM